]
Farah Juma resolved ELY-1630.
-----------------------------
Fix Version/s: 1.5.3.CR1
Resolution: Done
Ignore any blank lines in between the certificates in the certificate
chain returned by an ACME server to avoid parsing issues on IBM JDK
-----------------------------------------------------------------------------------------------------------------------------------------
Key: ELY-1630
URL:
https://issues.jboss.org/browse/ELY-1630
Project: WildFly Elytron
Issue Type: Bug
Components: API / SPI
Reporter: Farah Juma
Assignee: Farah Juma
Fix For: 1.5.3.CR1
Currently, {{AcmeClientSpiTest#testObtainCertificateChainWithKeySize}} and
{{AcmeClientSpiTest#testObtainCertificateChainWithECPublicKey}} fail when run with IBM JDK
with the following error:
{code}
org.wildfly.security.x500.cert.acme.AcmeException: ELY10049: Unable to download
certificate chain from ACME server
at
org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:988)
at
org.wildfly.security.x500.cert.acme.AcmeClientSpi.obtainCertificateChain(AcmeClientSpi.java:519)
at
org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.obtainCertificateChain(AcmeClientSpiTest.java:284)
at
org.wildfly.security.x500.cert.acme.AcmeClientSpiTest.testObtainCertificateChainWithKeySize(AcmeClientSpiTest.java:260)
Caused by: java.security.cert.CertificateException: Unable to initialize,
java.io.IOException: insufficient data
at com.ibm.security.x509.X509CertImpl.<init>(X509CertImpl.java:268)
at
java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:448)
at
org.wildfly.security.x500.cert.acme.AcmeClientSpi.getPemCertificateChain(AcmeClientSpi.java:984)
... 3 more
{code}
The underlying issue is that the PEM certificate chain returned by the ACME server has a
blank line in between the two certificates in the chain. This causes parsing issues on IBM
JDK when {{CertificateFactory.generateCertificates()}} is called. To fix this, we can just
ignore any blank lines in the chain.